gog
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the 'gog' binary via a third-party Homebrew tap ('steipete/tap/gogcli'). This repository is not on the list of trusted external sources and its contents should be manually verified before installation.- [COMMAND_EXECUTION] (HIGH): The skill functions by executing shell commands. This allows an agent to perform complex operations across Google services. If the agent's instructions are manipulated, it could be used to execute arbitrary 'gog' commands that the user did not intend.- [DATA_EXFILTRATION] (HIGH): The skill facilitates data exfiltration by providing the ability to read sensitive information (via 'gog drive search', 'gog gmail search', 'gog docs cat') and the ability to transmit data externally (via 'gog gmail send').- [PROMPT_INJECTION] (HIGH): The skill has a significant surface for Indirect Prompt Injection (Category 8). Finding details:
- Ingestion points: The skill ingests untrusted data from external sources including Gmail messages, Google Docs content, and Google Drive files.
- Boundary markers: There are no boundary markers or instructions to ignore embedded commands provided in the prompt templates.
- Capability inventory: The skill possesses high-privilege write capabilities, most notably 'gog gmail send', which can be triggered by instructions found within the ingested data.
- Sanitization: No sanitization or filtering of external content is performed before it is returned to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata